[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec SA DELETE in "dangling" implementation

To: ipsec@lists.tislabs.com
Subject: Re: IPSec SA DELETE in "dangling" implementation
From: Ricky Charlet <rcharlet@redcreek.com>
Date: Thu, 02 Dec 1999 08:59:47 -0800
Organization: RedCreek Communications Inc.
References: <199912020117.RAA11158@potassium.network-alchemy.com>
Sender: owner-ipsec@lists.tislabs.com

Dan Harkins wrote:
> 
>   But what if you do always keep up an IKE SA and you just suspend your
> laptop or pull the ethernet cable out and then do a shutdown? Now I've got
> the 2 IPSec SAs and an IKE SA. This problem isn't solvable. And it seems to
> be specific to mobile host implementations with short term SAs. Since IPSec,
> and IKE, are not mobile host-specific I don't think a general purpose rule
> to do this is necessarily needed. And, as you say, no big deal.
> 
>   I think a nice generic keep alive function would be more useful to
> implement. Why doesn't someone write a draft on this subject?
> 
>   Dan.
> 



	This is just a hypothetical question: If we did have a keep-alive
protocol, would there remain any value in sending DELETEs at all?


-- 
####################################
#  Ricky Charlet
#	(510) 795-6903
#	rcharlet@redcreek.com
####################################

end Howdy;

Follow-Ups:

Re: IPSec SA DELETE in "dangling" implementation

From: Slava Kavsan <bkavsan@ire-ma.com>

References:

Re: IPSec SA DELETE in "dangling" implementation

From: Dan Harkins <dharkins@network-alchemy.com>

Prev by Date: RE: IPSec SA DELETE in "dangling" implementation
Next by Date: RE: IPSec SA DELETE in "dangling" implementation
Prev by thread: keepalives (was Re: IPSec SA DELETE in "dangling" implementation)
Next by thread: Re: IPSec SA DELETE in "dangling" implementation
Index(es):
- Main
- Thread